Jump to content

Still having issues with unmanaged clients


j-gray
 Share

Recommended Posts

In the process of upgrading agents and find systems that appear to be unmanaged, so I deploy the agent. The agent deploys successfully, but the client(s) still don't appear as managed.

 

I look at the clients and they all have the agent + AV already installed. On each client, 'last-error.html' and 'status.html' are all good --no errors and replication is occurring successfully. No errors in the trace log, either.

 

We don't include the agent on images so there should be no duplicate guids, but is there a way to verify or potentially find duplicates?

 

Any other suggestions to try? Everything looks good on the client side....

 

Thanks much.

Link to comment
Share on other sites

  • ESET Staff

In case you have access to problematic computer with "lost" AGENT installation, I would suggest to find out some unique identifier of this computer, for example IP address or MAC address of active ethernet interface. You should be able to identify this computer once you create report with selected identifier. If I recall correctly, you can even use search field in Webconsole upper panel to search for local IP address of computers.

Link to comment
Share on other sites

Thanks for the reply.

 

The systems do appear in the console, due to AD sync. However, they show unmanaged/no status.

 

It's looking like an image was created with the agent installed and deployed without a cloned-agent-reset.

 

Given the systems think they're unmanaged, we can't run any tasks on them. Is there any way to reset the guid or other options to fix this with remote tools?

Link to comment
Share on other sites

  • ESET Staff

In order to fix/diagnose this you will have to find out computer name as which is this AGENT connecting -> that why I wrote steps. If you find it, we will have to check whether:

  • computer is only wrongly named and therefore was not paired with "unmanaged" copy
  • multiple computers are sharing one entry in console (i.e. duplicated computers)

In most cases it is first case, but it may be also second one in case AGENTs are deployed using remote installation task.

Link to comment
Share on other sites

I found a workstation (call it y) in the console with the MAC address of the client that's not communicating (call it z). The one in the console (y) shows offline, which it is.

 

So how do I fix this? Delete the one in the console?

Link to comment
Share on other sites

  • ESET Staff

I found a workstation (call it y) in the console with the MAC address of the client that's not communicating (call it z). The one in the console (y) shows offline, which it is.

 

So how do I fix this? Delete the one in the console?

 

By offline you mean there is no last connection timestamp? Other parameter like FQDN, IP address are also matching computer you are looking for? Maybe this is former record of client before AGENT was uninstalled, and again installed?

From my point of view, easiest to find such computer is to check database on SERVER and search computers table for unique identifier lost AGENT is using. I can provide details if you feel for it - i will need only DB type.

 

One last idea I have is to force lost AGENT to generate logs visible in ERA console -> for example temporarily disabling firewall will result in functionality warning which may help you to find this AGENT.

Link to comment
Share on other sites

Hi, does it mean that there is no way to find duplicated computers using webconsole without disabling firewall etc? If so, which table would be helpful in mssql db? Thanks

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...